package com.dropdb.demo.shiro;

import com.dropdb.demo.bean.Admin;
import com.dropdb.demo.bean.vo.CouponListElementtData;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.ArrayList;
import java.util.LinkedHashMap;

@Configuration
public class ShiroConfig {
    /**
     * Shiro拦截器工厂
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        // 当认证失败时跳转的url
        shiroFilterFactoryBean.setLoginUrl("/admin/auth/unauthc");
        // 使用linkedHashMap保证顺序
        LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        // anon 匿名访问
        filterChainDefinitionMap.put("/admin/auth/login","anon");
        filterChainDefinitionMap.put("/wx/auth/login","anon");
        // 需要认证 /** 写最后
        filterChainDefinitionMap.put("wx/search/clearhistory", "authc");
        filterChainDefinitionMap.put("wx/feedback/submit", "authc");
        filterChainDefinitionMap.put("/admin/**","authc");
        filterChainDefinitionMap.put("/wx/order/**","authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        return shiroFilterFactoryBean;
    }


    /**
     * SecurityManager
     */
    @Bean
    public DefaultWebSecurityManager securityManager(AdminRealm adminRealm,
                                                     DefaultWebSessionManager sessionManager,
                                                     CustomAuthenticator authenticator){
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        // 这句是不是没用了，毕竟用了下面的CustomAuthenticator
        defaultWebSecurityManager.setRealm(adminRealm);
        defaultWebSecurityManager.setSessionManager(sessionManager);
        defaultWebSecurityManager.setAuthenticator(authenticator);
        return defaultWebSecurityManager;
    }

    /**
     * session管理器
     */
    @Bean
    public DefaultWebSessionManager sessionManager(){
        CustomWebSessionManager customWebSessionManager = new CustomWebSessionManager();

        return customWebSessionManager;
    }

    /**
     * 明式鉴权 注解需要的组件
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager defaultWebSecurityManager){
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(defaultWebSecurityManager);
        return authorizationAttributeSourceAdvisor;
    }


    /**
     * 使用自定义的认证器
     */
    @Bean
    public CustomAuthenticator authenticator(AdminRealm adminRealm, WxRealm wxRealm){
        CustomAuthenticator customAuthenticator = new CustomAuthenticator();
        ArrayList<Realm> realms = new ArrayList<>();
        realms.add(adminRealm);
        realms.add(wxRealm);
        customAuthenticator.setRealms(realms);
        return customAuthenticator;
    }

    //可以进行密码加密设置
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher(WxRealm wxRealm, AdminRealm adminRealm){
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        hashedCredentialsMatcher.setHashIterations(1);
        wxRealm.setCredentialsMatcher(hashedCredentialsMatcher);
        adminRealm.setCredentialsMatcher(hashedCredentialsMatcher);
        return hashedCredentialsMatcher;
    }
}
